How to use SonarCloud with a forked repository on GitHub?

(CSchulz) #1

We are using GitHub together with SonarCloud to also check pull requests.
With the recent removal of the preview mode it is not possible to run checks on pull requests from forks.

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.5.0.1254:sonar (default-cli) on project jpasecurity: The preview mode, along with the ‘sonar.analysis.mode’ parameter, is no more supported. You should stop using this parameter. -> [Help 1]

Removing the mode parameter results in:

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.5.0.1254:sonar (default-cli) on project jpasecurity: You’re not authorized to run analysis. Please contact the project administrator. -> [Help 1]

So how can I enforce pull requests from forks to get checked with sonar?

2 Likes
(CSchulz) #2

SonarLint CLI should not / cannot be used for scanning locally anymore:
https://groups.google.com/forum/#!msg/sonarqube/WlALjVzp-OE/Ev3QpnaOBAAJ

Another discussion hitting the same pain point for open source projects with forks:
https://groups.google.com/forum/#!topic/sonarqube/4bzwxkqJGAc

The pull request feature is very nice, but it is not applicable for our purposes, because most of the people creating pull requests are not permitted to create a branch in our repos.

(Benoit) #3

Hi,

Bringing pull request decoration to external PRs is in our plans: MMF-1371. Unfortunately I can’t give you an ETA.

1 Like
(CSchulz) #4

I know about those feature plans, but they don’t improve the situation at the moment.

With the removal of the preview analysis option, it is not possible to have at least one check before getting stuff merged into your own repository.
Before, it was possible to run the scanner in preview / issues mode to get an analysis of the changed sources.

What is the official statement of SonarSource to keep running the environment like that?